SC-200 - Manage a Security Operations Environment - Section 1.3
Manage automated investigation and response, automatic attack disruption, Microsoft Sentinel automation rules, and playbooks.
Understand automated investigation and response (AIR) in Microsoft Defender XDR and how automatic attack disruption contains active attacks before an analyst intervenes. Configure Microsoft Sentinel automation rules to triage and route incidents, and build playbooks backed by Logic Apps connectors to orchestrate response actions across multiple services.
automated investigation and response (AIR); automatic attack disruption in Microsoft Defender XDR; Microsoft Sentinel automation rules; Microsoft Sentinel playbooks; Logic Apps connectors
Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.